<?php
require_once ("include/functions.php");
require_once ("include/config.php");


// Initialise the database layer and emit the page header before anything else.
// $CURUSER is read below but never assigned in this file; presumably dbconn()
// populates it from the session - confirm in include/functions.php.
dbconn();

standardheader('Manage News');

// Page-wide gate: every action in this script (add, edit, delete) requires the
// "edit_news" permission. Without it, show the error, close the page and stop.
if (!($CURUSER["edit_news"] == "yes")) {
    err_msg(ERROR, ERR_NOT_AUTH);
    stdfoot();
    exit();
}

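// Requested operation, taken from the query string: "del", "edit", or anything
// else (which means "show the form, or process a submitted form").
$action = isset($_GET["act"]) ? $_GET["act"] : "";

if ($action == "del") {
    if ($CURUSER["delete_news"] == "yes") {
        // The id arrives from the query string, so it is forced to an integer
        // before it is concatenated into SQL. The original passed it through
        // raw, which allowed SQL injection into the DELETE statement.
        $delId = isset($_GET["id"]) ? intval($_GET["id"]) : 0;
        // NOTE(review): this delete is a state change triggered by a plain GET
        // request, and no anti-forgery token is checked anywhere in this file.
        // Moving it to POST with a per-session token would close the CSRF gap.
        mysql_query("DELETE FROM news WHERE id=" . $delId);
        redirect("index.php");
        exit();
    } else {
        err_msg(ERROR, CANT_DELETE_NEWS);
        stdfoot();
        exit();
    }
} elseif ($action == "edit") {
    if ($CURUSER["edit_news"] == "yes") {
        // Load the existing item so the form can be pre-filled.
        $editId = isset($_GET["id"]) ? intval($_GET["id"]) : 0;
        $rnews = mysql_query("SELECT * FROM news WHERE id=" . $editId);
        if (!$rnews) {
            // The query itself failed.
            err_msg(ERROR, ERR_BAD_NEWS_ID);
            stdfoot();
            exit();
        }
        $row = mysql_fetch_array($rnews);
        if ($row) {
            $news = unesc($row["news"]);
            $title = unesc($row["title"]);
        } else {
            // No row with that id.
            err_msg(ERROR, ERR_NO_NEWS_ID);
            stdfoot();
            exit();
        }
    } else {
        // NOTE(review): this reuses the "cannot delete" message for a missing
        // edit permission; the original did the same, so it is kept as is.
        err_msg(ERROR, CANT_DELETE_NEWS);
        stdfoot();
        exit();
    }
} else {
    // Defaults for a blank form. The original only set these when "conferma"
    // held an unexpected value, so a first visit rendered the form with
    // undefined variables.
    $title = "";
    $news = "";

    if (isset($_POST["conferma"])) {
        if ($_POST["conferma"] == FRM_CONFIRM) {
            if (isset($_POST["news"]) && isset($_POST["title"])) {
                $news = $_POST["news"];
                $title = $_POST["title"];
                // Cast defensively: the value is interpolated unquoted into
                // the INSERT below.
                $uid = intval($CURUSER["uid"]);
                if ($news == "" || $title == "") {
                    // Fall through to the form, which is re-rendered with the
                    // submitted values still in $news / $title.
                    err_msg(ERROR, ERR_INS_TITLE_NEWS);
                } else {
                    // The queries below embed these values without adding
                    // quotes, so sqlesc() is expected to return a quoted,
                    // escaped SQL literal - confirm in include/functions.php.
                    $news = sqlesc($news);
                    $title = sqlesc($title);
                    $nid = isset($_POST["id"]) ? intval($_POST["id"]) : 0;
                    $action = isset($_POST['action']) ? $_POST['action'] : "";
                    // NOTE(review): die(mysql_error()) prints raw database
                    // error text to the browser; logging it server-side and
                    // showing a generic message would avoid leaking schema
                    // details. Kept unchanged here.
                    if ($action == "edit") {
                        mysql_query("UPDATE news SET news=$news,title=$title WHERE id=$nid") or die(mysql_error());
                    } else {
                        mysql_query("INSERT INTO news (news,title,user_id,date) VALUES ($news,$title,$uid,NOW())") or die(mysql_error());
                    }
                    redirect("index.php");
                    exit();
                }
            }
        } elseif ($_POST["conferma"] == FRM_CANCEL) {
            redirect("index.php");
            exit();
        }
        // Any other "conferma" value: keep the blank defaults set above.
    }
}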

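block_begin(NEWS_PANEL);
// Kept from the original; it only has an effect if this file is included from
// inside a function scope.
global $news, $title;
// Everything echoed into an HTML attribute below is escaped or cast first.
// $action and the id come from the query string, and $title can come straight
// from a rejected POST, so echoing them raw allowed markup injection (XSS).
// NOTE(review): the form carries no anti-forgery token and none is checked in
// this file, so submissions are not protected against CSRF.
// NOTE(review): $news is handed to textbbcode() unescaped; whether that helper
// HTML-escapes the value before placing it in the form cannot be seen from
// this file - confirm in include/functions.php.
?>
<div align="center">
  <form action="news.php" name="news" method="post">
  <table border="0" class="lista">
  <tr><td><input type="hidden" name="action" value="<?php echo htmlspecialchars($action, ENT_QUOTES); ?>"/></td></tr>
  <tr><td><input type="hidden" name="id" value="<?php echo isset($_GET["id"]) ? intval($_GET["id"]) : ""; ?>"/></td></tr>
  <tr>
       <td align="center" colspan=2 class="header" >
           <?php echo NEWS_INSERT; ?>:<br />
       </td>
  </tr>
  <tr>
     <td align="left" class="lista" style="font-size:10pt">
         <?php echo NEWS_TITLE; ?>
     </td>
     <td align="left" class="lista">
         <input type="text" name="title" size="40" maxlength="40" value="<?php echo htmlspecialchars($title, ENT_QUOTES); ?>"/>
     </td>
  </tr>
  <tr>
     <td align="left" class="lista" valign="top" style="font-size:10pt">
         <?php echo NEWS_DESCRIPTION; ?>
     </td>
      <td align="left" class="lista">
  <?php echo textbbcode("news","news",$news); ?>
      </td>
  </tr>
  <tr>
  </tr>
  <tr>
     <td align="left" class="header" >
         <input type="submit" name="conferma" value="<?php echo FRM_CONFIRM ?>" />
     </td>
     <td align="left" class="header" >
         <input type="submit" name="conferma" value="<?php echo FRM_CANCEL ?>" />
     </td>
  </tr>
  </table>
  </form>
</div>

<?php

block_end();
stdfoot();

?>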
